diff options
author | David Hook <dgh@cryptoworkshop.com> | 2013-11-25 06:18:55 +0400 |
---|---|---|
committer | David Hook <dgh@cryptoworkshop.com> | 2013-11-25 06:18:55 +0400 |
commit | cd5332585f5da30d4d340d4ef9ff8f8f96871ef3 (patch) | |
tree | aeffac8440647b8bf467339fb3b4737257c87be1 /mail | |
parent | 08b70f7c8cb04ab7990eae5281bb6939ade11357 (diff) |
update
Diffstat (limited to 'mail')
-rw-r--r-- | mail/src/main/jdk1.3/org/bouncycastle/mail/smime/SMIMESignedGenerator.java | 1092 |
1 files changed, 0 insertions, 1092 deletions
diff --git a/mail/src/main/jdk1.3/org/bouncycastle/mail/smime/SMIMESignedGenerator.java b/mail/src/main/jdk1.3/org/bouncycastle/mail/smime/SMIMESignedGenerator.java deleted file mode 100644 index 6afdcf59..00000000 --- a/mail/src/main/jdk1.3/org/bouncycastle/mail/smime/SMIMESignedGenerator.java +++ /dev/null @@ -1,1092 +0,0 @@ -package org.bouncycastle.mail.smime; - -import java.io.IOException; -import java.io.OutputStream; -import java.security.InvalidKeyException; -import java.security.NoSuchAlgorithmException; -import java.security.NoSuchProviderException; -import java.security.PrivateKey; -import java.security.Provider; -import org.bouncycastle.jce.cert.CertStore; -import org.bouncycastle.jce.cert.CertStoreException; -import java.security.cert.X509Certificate; -import java.util.ArrayList; -import java.util.Collections; -import java.util.Enumeration; -import java.util.HashMap; -import java.util.Iterator; -import java.util.List; -import java.util.Map; -import java.util.Set; -import java.util.TreeSet; - -import javax.activation.CommandMap; -import javax.activation.MailcapCommandMap; -import javax.mail.MessagingException; -import javax.mail.Multipart; -import javax.mail.internet.ContentType; -import javax.mail.internet.MimeBodyPart; -import javax.mail.internet.MimeMessage; -import javax.mail.internet.MimeMultipart; - -import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.asn1.cms.AttributeTable; -import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers; -import org.bouncycastle.asn1.nist.NISTObjectIdentifiers; -import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers; -import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; -import org.bouncycastle.asn1.teletrust.TeleTrusTObjectIdentifiers; -import org.bouncycastle.asn1.x9.X9ObjectIdentifiers; -import org.bouncycastle.cms.CMSAlgorithm; -import org.bouncycastle.cms.CMSException; -import org.bouncycastle.cms.CMSSignedDataStreamGenerator; -import org.bouncycastle.cms.SignerInfoGenerator; -import org.bouncycastle.cms.SignerInformation; -import org.bouncycastle.cms.SignerInformationStore; -import org.bouncycastle.mail.smime.util.CRLFOutputStream; -import org.bouncycastle.util.Store; -import org.bouncycastle.x509.X509Store; - -/** - * general class for generating a pkcs7-signature message. - * <p> - * A simple example of usage. - * - * <pre> - * X509Certificate signCert = ... - * KeyPair signKP = ... - * - * List certList = new ArrayList(); - * - * certList.add(signCert); - * - * Store certs = new JcaCertStore(certList); - * - * SMIMESignedGenerator gen = new SMIMESignedGenerator(); - * - * gen.addSignerInfoGenerator(new JcaSimpleSignerInfoGeneratorBuilder().setProvider("BC").build("SHA1withRSA", signKP.getPrivate(), signCert)); - * - * gen.addCertificates(certs); - * - * MimeMultipart smime = fact.generate(content); - * </pre> - * <p> - * Note 1: if you are using this class with AS2 or some other protocol - * that does not use "7bit" as the default content transfer encoding you - * will need to use the constructor that allows you to specify the default - * content transfer encoding, such as "binary". - * </p> - * <p> - * Note 2: between RFC 3851 and RFC 5751 the values used in the micalg parameter - * for signed messages changed. We will accept both, but the default is now to use - * RFC 5751. In the event you are dealing with an older style system you will also need - * to use a constructor that sets the micalgs table and call it with RFC3851_MICALGS. - * </p> - */ -public class SMIMESignedGenerator - extends SMIMEGenerator -{ - public static final String DIGEST_SHA1 = OIWObjectIdentifiers.idSHA1.getId(); - public static final String DIGEST_MD5 = PKCSObjectIdentifiers.md5.getId(); - public static final String DIGEST_SHA224 = NISTObjectIdentifiers.id_sha224.getId(); - public static final String DIGEST_SHA256 = NISTObjectIdentifiers.id_sha256.getId(); - public static final String DIGEST_SHA384 = NISTObjectIdentifiers.id_sha384.getId(); - public static final String DIGEST_SHA512 = NISTObjectIdentifiers.id_sha512.getId(); - public static final String DIGEST_GOST3411 = CryptoProObjectIdentifiers.gostR3411.getId(); - public static final String DIGEST_RIPEMD128 = TeleTrusTObjectIdentifiers.ripemd128.getId(); - public static final String DIGEST_RIPEMD160 = TeleTrusTObjectIdentifiers.ripemd160.getId(); - public static final String DIGEST_RIPEMD256 = TeleTrusTObjectIdentifiers.ripemd256.getId(); - - public static final String ENCRYPTION_RSA = PKCSObjectIdentifiers.rsaEncryption.getId(); - public static final String ENCRYPTION_DSA = X9ObjectIdentifiers.id_dsa_with_sha1.getId(); - public static final String ENCRYPTION_ECDSA = X9ObjectIdentifiers.ecdsa_with_SHA1.getId(); - public static final String ENCRYPTION_RSA_PSS = PKCSObjectIdentifiers.id_RSASSA_PSS.getId(); - public static final String ENCRYPTION_GOST3410 = CryptoProObjectIdentifiers.gostR3410_94.getId(); - public static final String ENCRYPTION_ECGOST3410 = CryptoProObjectIdentifiers.gostR3410_2001.getId(); - - private static final String CERTIFICATE_MANAGEMENT_CONTENT = "application/pkcs7-mime; name=smime.p7c; smime-type=certs-only"; - private static final String DETACHED_SIGNATURE_TYPE = "application/pkcs7-signature; name=smime.p7s; smime-type=signed-data"; - private static final String ENCAPSULATED_SIGNED_CONTENT_TYPE = "application/pkcs7-mime; name=smime.p7m; smime-type=signed-data"; - - public static final Map RFC3851_MICALGS; - public static final Map RFC5751_MICALGS; - public static final Map STANDARD_MICALGS; - - private static MailcapCommandMap addCommands(CommandMap cm) - { - MailcapCommandMap mc = (MailcapCommandMap)cm; - - mc.addMailcap("application/pkcs7-signature;; x-java-content-handler=org.bouncycastle.mail.smime.handlers.pkcs7_signature"); - mc.addMailcap("application/pkcs7-mime;; x-java-content-handler=org.bouncycastle.mail.smime.handlers.pkcs7_mime"); - mc.addMailcap("application/x-pkcs7-signature;; x-java-content-handler=org.bouncycastle.mail.smime.handlers.x_pkcs7_signature"); - mc.addMailcap("application/x-pkcs7-mime;; x-java-content-handler=org.bouncycastle.mail.smime.handlers.x_pkcs7_mime"); - mc.addMailcap("multipart/signed;; x-java-content-handler=org.bouncycastle.mail.smime.handlers.multipart_signed"); - - return mc; - } - - static - { - CommandMap.setDefaultCommandMap(addCommands(CommandMap.getDefaultCommandMap())); - - Map stdMicAlgs = new HashMap(); - - stdMicAlgs.put(CMSAlgorithm.MD5, "md5"); - stdMicAlgs.put(CMSAlgorithm.SHA1, "sha-1"); - stdMicAlgs.put(CMSAlgorithm.SHA224, "sha-224"); - stdMicAlgs.put(CMSAlgorithm.SHA256, "sha-256"); - stdMicAlgs.put(CMSAlgorithm.SHA384, "sha-384"); - stdMicAlgs.put(CMSAlgorithm.SHA512, "sha-512"); - stdMicAlgs.put(CMSAlgorithm.GOST3411, "gostr3411-94"); - - RFC5751_MICALGS = Collections.unmodifiableMap(stdMicAlgs); - - Map oldMicAlgs = new HashMap(); - - oldMicAlgs.put(CMSAlgorithm.MD5, "md5"); - oldMicAlgs.put(CMSAlgorithm.SHA1, "sha1"); - oldMicAlgs.put(CMSAlgorithm.SHA224, "sha224"); - oldMicAlgs.put(CMSAlgorithm.SHA256, "sha256"); - oldMicAlgs.put(CMSAlgorithm.SHA384, "sha384"); - oldMicAlgs.put(CMSAlgorithm.SHA512, "sha512"); - oldMicAlgs.put(CMSAlgorithm.GOST3411, "gostr3411-94"); - - RFC3851_MICALGS = Collections.unmodifiableMap(oldMicAlgs); - - STANDARD_MICALGS = RFC5751_MICALGS; - } - - private final String defaultContentTransferEncoding; - private final Map micAlgs; - - private List _certStores = new ArrayList(); - private List certStores = new ArrayList(); - private List crlStores = new ArrayList(); - private List attrCertStores = new ArrayList(); - private List signerInfoGens = new ArrayList(); - private List _signers = new ArrayList(); - private List _oldSigners = new ArrayList(); - private List _attributeCerts = new ArrayList(); - private Map _digests = new HashMap(); - - /** - * base constructor - default content transfer encoding 7bit - */ - public SMIMESignedGenerator() - { - this("7bit", STANDARD_MICALGS); - } - - /** - * base constructor - default content transfer encoding explicitly set - * - * @param defaultContentTransferEncoding new default to use. - */ - public SMIMESignedGenerator( - String defaultContentTransferEncoding) - { - this(defaultContentTransferEncoding, STANDARD_MICALGS); - } - - /** - * base constructor - default content transfer encoding explicitly set - * - * @param micAlgs a map of ANS1ObjectIdentifiers to strings hash algorithm names. - */ - public SMIMESignedGenerator( - Map micAlgs) - { - this("7bit", micAlgs); - } - - /** - * base constructor - default content transfer encoding explicitly set - * - * @param defaultContentTransferEncoding new default to use. - * @param micAlgs a map of ANS1ObjectIdentifiers to strings hash algorithm names. - */ - public SMIMESignedGenerator( - String defaultContentTransferEncoding, - Map micAlgs) - { - this.defaultContentTransferEncoding = defaultContentTransferEncoding; - this.micAlgs = micAlgs; - } - - /** - * add a signer - no attributes other than the default ones will be - * provided here. - * - * @param key key to use to generate the signature - * @param cert the public key certificate associated with the signer's key. - * @param digestOID object ID of the digest algorithm to use. - * @exception IllegalArgumentException any of the arguments are inappropriate - * @deprecated use addSignerInfoGenerator() - */ - public void addSigner( - PrivateKey key, - X509Certificate cert, - String digestOID) - throws IllegalArgumentException - { - _signers.add(new Signer(key, cert, new ASN1ObjectIdentifier(digestOID), null, null)); - } - - /** - * add a signer - no attributes other than the default ones will be - * provided here. - * - * @param key key to use to generate the signature - * @param cert the public key certificate associated with the signer's key. - * @param encryptionOID object ID of the digest ecnryption algorithm to use. - * @param digestOID object ID of the digest algorithm to use. - * @exception IllegalArgumentException any of the arguments are inappropriate - * @deprecated use addSignerInfoGenerator() - */ - public void addSigner( - PrivateKey key, - X509Certificate cert, - String encryptionOID, - String digestOID) - throws IllegalArgumentException - { - _signers.add(new Signer(key, cert, new ASN1ObjectIdentifier(encryptionOID), new ASN1ObjectIdentifier(digestOID), null, null)); - } - - /** - * Add a signer with extra signed/unsigned attributes or overrides - * for the standard attributes. For example this method can be used to - * explictly set default attributes such as the signing time. - * - * @param key key to use to generate the signature - * @param cert the public key certificate associated with the signer's key. - * @param digestOID object ID of the digest algorithm to use. - * @param signedAttr signed attributes to be included in the signature. - * @param unsignedAttr unsigned attribitues to be included. - * @exception IllegalArgumentException any of the arguments are inappropriate - * @deprecated use addSignerInfoGenerator() - */ - public void addSigner( - PrivateKey key, - X509Certificate cert, - String digestOID, - AttributeTable signedAttr, - AttributeTable unsignedAttr) - throws IllegalArgumentException - { - _signers.add(new Signer(key, cert, new ASN1ObjectIdentifier(digestOID), signedAttr, unsignedAttr)); - } - - /** - * Add a signer with extra signed/unsigned attributes or overrides - * for the standard attributes and a digest encryption algorithm. For - * example this method can be used to explictly set default attributes - * such as the signing time. - * - * @param key key to use to generate the signature - * @param cert the public key certificate associated with the signer's key. - * @param encryptionOID the digest encryption algorithm OID. - * @param digestOID object ID of the digest algorithm to use. - * @param signedAttr signed attributes to be included in the signature. - * @param unsignedAttr unsigned attribitues to be included. - * @exception IllegalArgumentException any of the arguments are inappropriate - * @deprecated use addSignerInfoGenerator() - */ - public void addSigner( - PrivateKey key, - X509Certificate cert, - String encryptionOID, - String digestOID, - AttributeTable signedAttr, - AttributeTable unsignedAttr) - throws IllegalArgumentException - { - _signers.add(new Signer(key, cert, new ASN1ObjectIdentifier(encryptionOID), new ASN1ObjectIdentifier(digestOID), signedAttr, unsignedAttr)); - } - - /** - * Add a store of precalculated signers to the generator. - * - * @param signerStore store of signers - */ - public void addSigners( - SignerInformationStore signerStore) - { - Iterator it = signerStore.getSigners().iterator(); - - while (it.hasNext()) - { - _oldSigners.add(it.next()); - } - } - - public void addSignerInfoGenerator(SignerInfoGenerator sigInfoGen) - { - signerInfoGens.add(sigInfoGen); - } - - /** - * add the certificates and CRLs contained in the given CertStore - * to the pool that will be included in the encoded signature block. - * <p> - * Note: this assumes the CertStore will support null in the get - * methods. - * </p> - * @param certStore CertStore containing the certificates and CRLs to be added. - * @deprecated use addCertificates(Store) and addCRLs(Store) - */ - public void addCertificatesAndCRLs( - CertStore certStore) - throws CertStoreException, SMIMEException - { - _certStores.add(certStore); - } - - public void addCertificates( - Store certStore) - { - certStores.add(certStore); - } - - public void addCRLs( - Store crlStore) - { - crlStores.add(crlStore); - } - - public void addAttributeCertificates( - Store certStore) - { - attrCertStores.add(certStore); - } - - /** - * Add the attribute certificates contained in the passed in store to the - * generator. - * - * @param store a store of Version 2 attribute certificates - * @throws CMSException if an error occurse processing the store. - * @deprecated use addAttributeCertificates(Store) - */ - public void addAttributeCertificates( - X509Store store) - throws CMSException - { - _attributeCerts.add(store); - } - - private void addHashHeader( - StringBuffer header, - List signers) - { - int count = 0; - - // - // build the hash header - // - Iterator it = signers.iterator(); - Set micAlgSet = new TreeSet(); - - while (it.hasNext()) - { - Object signer = it.next(); - ASN1ObjectIdentifier digestOID; - - if (signer instanceof Signer) - { - digestOID = ((Signer)signer).getDigestOID(); - } - else if (signer instanceof SignerInformation) - { - digestOID = ((SignerInformation)signer).getDigestAlgorithmID().getAlgorithm(); - } - else - { - digestOID = ((SignerInfoGenerator)signer).getDigestAlgorithm().getAlgorithm(); - } - - String micAlg = (String)micAlgs.get(digestOID); - - if (micAlg == null) - { - micAlgSet.add("unknown"); - } - else - { - micAlgSet.add(micAlg); - } - } - - it = micAlgSet.iterator(); - - while (it.hasNext()) - { - String alg = (String)it.next(); - - if (count == 0) - { - if (micAlgSet.size() != 1) - { - header.append("; micalg=\""); - } - else - { - header.append("; micalg="); - } - } - else - { - header.append(','); - } - - header.append(alg); - - count++; - } - - if (count != 0) - { - if (micAlgSet.size() != 1) - { - header.append('\"'); - } - } - } - - /* - * at this point we expect our body part to be well defined. - */ - private MimeMultipart make( - MimeBodyPart content, - Provider sigProvider) - throws NoSuchAlgorithmException, SMIMEException - { - try - { - MimeBodyPart sig = new MimeBodyPart(); - - sig.setContent(new ContentSigner(content, false, sigProvider), DETACHED_SIGNATURE_TYPE); - sig.addHeader("Content-Type", DETACHED_SIGNATURE_TYPE); - sig.addHeader("Content-Disposition", "attachment; filename=\"smime.p7s\""); - sig.addHeader("Content-Description", "S/MIME Cryptographic Signature"); - sig.addHeader("Content-Transfer-Encoding", encoding); - - // - // build the multipart header - // - StringBuffer header = new StringBuffer( - "signed; protocol=\"application/pkcs7-signature\""); - - List allSigners = new ArrayList(_signers); - - allSigners.addAll(_oldSigners); - - allSigners.addAll(signerInfoGens); - - addHashHeader(header, allSigners); - - MimeMultipart mm = new MimeMultipart(header.toString()); - - mm.addBodyPart(content); - mm.addBodyPart(sig); - - return mm; - } - catch (MessagingException e) - { - throw new SMIMEException("exception putting multi-part together.", e); - } - } - - private MimeMultipart make( - MimeBodyPart content) - throws SMIMEException - { - try - { - MimeBodyPart sig = new MimeBodyPart(); - - sig.setContent(new ContentSigner(content, false), DETACHED_SIGNATURE_TYPE); - sig.addHeader("Content-Type", DETACHED_SIGNATURE_TYPE); - sig.addHeader("Content-Disposition", "attachment; filename=\"smime.p7s\""); - sig.addHeader("Content-Description", "S/MIME Cryptographic Signature"); - sig.addHeader("Content-Transfer-Encoding", encoding); - - // - // build the multipart header - // - StringBuffer header = new StringBuffer( - "signed; protocol=\"application/pkcs7-signature\""); - - List allSigners = new ArrayList(_signers); - - allSigners.addAll(_oldSigners); - - allSigners.addAll(signerInfoGens); - - addHashHeader(header, allSigners); - - MimeMultipart mm = new MimeMultipart(header.toString()); - - mm.addBodyPart(content); - mm.addBodyPart(sig); - - return mm; - } - catch (MessagingException e) - { - throw new SMIMEException("exception putting multi-part together.", e); - } - } - - /* - * at this point we expect our body part to be well defined - generate with data in the signature - */ - private MimeBodyPart makeEncapsulated( - MimeBodyPart content, - Provider sigProvider) - throws NoSuchAlgorithmException, SMIMEException - { - try - { - MimeBodyPart sig = new MimeBodyPart(); - - sig.setContent(new ContentSigner(content, true, sigProvider), ENCAPSULATED_SIGNED_CONTENT_TYPE); - sig.addHeader("Content-Type", ENCAPSULATED_SIGNED_CONTENT_TYPE); - sig.addHeader("Content-Disposition", "attachment; filename=\"smime.p7m\""); - sig.addHeader("Content-Description", "S/MIME Cryptographic Signed Data"); - sig.addHeader("Content-Transfer-Encoding", encoding); - - return sig; - } - catch (MessagingException e) - { - throw new SMIMEException("exception putting body part together.", e); - } - } - - /* - * at this point we expect our body part to be well defined - generate with data in the signature - */ - private MimeBodyPart makeEncapsulated( - MimeBodyPart content) - throws SMIMEException - { - try - { - MimeBodyPart sig = new MimeBodyPart(); - - sig.setContent(new ContentSigner(content, true), ENCAPSULATED_SIGNED_CONTENT_TYPE); - sig.addHeader("Content-Type", ENCAPSULATED_SIGNED_CONTENT_TYPE); - sig.addHeader("Content-Disposition", "attachment; filename=\"smime.p7m\""); - sig.addHeader("Content-Description", "S/MIME Cryptographic Signed Data"); - sig.addHeader("Content-Transfer-Encoding", encoding); - - return sig; - } - catch (MessagingException e) - { - throw new SMIMEException("exception putting body part together.", e); - } - } - - /** - * Return a map of oids and byte arrays representing the digests calculated on the content during - * the last generate. - * - * @return a map of oids (as String objects) and byte[] representing digests. - */ - public Map getGeneratedDigests() - { - return new HashMap(_digests); - } - - /** - * generate a signed object that contains an SMIME Signed Multipart - * object using the given provider. - * @param content the MimeBodyPart to be signed. - * @param sigProvider the provider to be used for the signature. - * @return a Multipart containing the content and signature. - * @throws NoSuchAlgorithmException if the required algorithms for the signature cannot be found. - * @throws NoSuchProviderException if no provider can be found. - * @throws SMIMEException if an exception occurs in processing the signature. - * @deprecated use generate(MimeBodyPart) - */ - public MimeMultipart generate( - MimeBodyPart content, - String sigProvider) - throws NoSuchAlgorithmException, NoSuchProviderException, SMIMEException - { - return make(makeContentBodyPart(content), SMIMEUtil.getProvider(sigProvider)); - } - - /** - * generate a signed object that contains an SMIME Signed Multipart - * object using the given provider. - * @param content the MimeBodyPart to be signed. - * @param sigProvider the provider to be used for the signature. - * @return a Multipart containing the content and signature. - * @throws NoSuchAlgorithmException if the required algorithms for the signature cannot be found. - * @throws SMIMEException if an exception occurs in processing the signature. - */ - public MimeMultipart generate( - MimeBodyPart content, - Provider sigProvider) - throws NoSuchAlgorithmException, SMIMEException - { - return make(makeContentBodyPart(content), sigProvider); - } - - /** - * generate a signed object that contains an SMIME Signed Multipart - * object using the given provider from the given MimeMessage - * - * @throws NoSuchAlgorithmException if the required algorithms for the signature cannot be found. - * @throws NoSuchProviderException if no provider can be found. - * @throws SMIMEException if an exception occurs in processing the signature. - */ - public MimeMultipart generate( - MimeMessage message, - String sigProvider) - throws NoSuchAlgorithmException, NoSuchProviderException, SMIMEException - { - return generate(message, SMIMEUtil.getProvider(sigProvider)); - } - - /** - * generate a signed object that contains an SMIME Signed Multipart - * object using the given provider from the given MimeMessage - * - * @throws NoSuchAlgorithmException if the required algorithms for the signature cannot be found. - * @throws NoSuchProviderException if no provider can be found. - * @throws SMIMEException if an exception occurs in processing the signature. - */ - public MimeMultipart generate( - MimeMessage message, - Provider sigProvider) - throws NoSuchAlgorithmException, SMIMEException - { - try - { - message.saveChanges(); // make sure we're up to date. - } - catch (MessagingException e) - { - throw new SMIMEException("unable to save message", e); - } - - return make(makeContentBodyPart(message), sigProvider); - } - - public MimeMultipart generate( - MimeBodyPart content) - throws SMIMEException - { - return make(makeContentBodyPart(content)); - } - - /** - * generate a signed message with encapsulated content - * <p> - * Note: doing this is strongly <b>not</b> recommended as it means a - * recipient of the message will have to be able to read the signature to read the - * message. - */ - public MimeBodyPart generateEncapsulated( - MimeBodyPart content) - throws SMIMEException - { - return makeEncapsulated(makeContentBodyPart(content)); - } - - /** - * generate a signed message with encapsulated content - * <p> - * Note: doing this is strongly <b>not</b> recommended as it means a - * recipient of the message will have to be able to read the signature to read the - * message. - * @deprecated use generateEncapsulated(content) - */ - public MimeBodyPart generateEncapsulated( - MimeBodyPart content, - String sigProvider) - throws NoSuchAlgorithmException, NoSuchProviderException, SMIMEException - { - return makeEncapsulated(makeContentBodyPart(content), SMIMEUtil.getProvider(sigProvider)); - } - - /** - * generate a signed message with encapsulated content - * <p> - * Note: doing this is strongly <b>not</b> recommended as it means a - * recipient of the message will have to be able to read the signature to read the - * message. - * @deprecated use generateEncapsulated(content) - */ - public MimeBodyPart generateEncapsulated( - MimeBodyPart content, - Provider sigProvider) - throws NoSuchAlgorithmException, NoSuchProviderException, SMIMEException - { - return makeEncapsulated(makeContentBodyPart(content), sigProvider); - } - - /** - * generate a signed object that contains an SMIME Signed Multipart - * object using the given provider from the given MimeMessage. - * <p> - * Note: doing this is strongly <b>not</b> recommended as it means a - * recipient of the message will have to be able to read the signature to read the - * message. - * @deprecated use generateEncapsulated(content) - */ - public MimeBodyPart generateEncapsulated( - MimeMessage message, - String sigProvider) - throws NoSuchAlgorithmException, NoSuchProviderException, SMIMEException - { - return generateEncapsulated(message, SMIMEUtil.getProvider(sigProvider)); - } - - /** - * generate a signed object that contains an SMIME Signed Multipart - * object using the given provider from the given MimeMessage. - * <p> - * Note: doing this is strongly <b>not</b> recommended as it means a - * recipient of the message will have to be able to read the signature to read the - * message. - * @deprecated use generateEncapsulated(content) - */ - public MimeBodyPart generateEncapsulated( - MimeMessage message, - Provider sigProvider) - throws NoSuchAlgorithmException, SMIMEException - { - try - { - message.saveChanges(); // make sure we're up to date. - } - catch (MessagingException e) - { - throw new SMIMEException("unable to save message", e); - } - - return makeEncapsulated(makeContentBodyPart(message), sigProvider); - } - - /** - * Creates a certificate management message which is like a signed message with no content - * or signers but that still carries certificates and CRLs. - * - * @return a MimeBodyPart containing the certs and CRLs. - * @deprecated use generateCertificateManagement() - */ - public MimeBodyPart generateCertificateManagement( - String provider) - throws SMIMEException, NoSuchProviderException - { - return generateCertificateManagement(SMIMEUtil.getProvider(provider)); - } - - /** - * Creates a certificate management message which is like a signed message with no content - * or signers but that still carries certificates and CRLs. - * - * @return a MimeBodyPart containing the certs and CRLs. - * @deprecated use generateCertificateManagement() - */ - public MimeBodyPart generateCertificateManagement( - Provider provider) - throws SMIMEException - { - try - { - MimeBodyPart sig = new MimeBodyPart(); - - sig.setContent(new ContentSigner(null, true, provider), CERTIFICATE_MANAGEMENT_CONTENT); - sig.addHeader("Content-Type", CERTIFICATE_MANAGEMENT_CONTENT); - sig.addHeader("Content-Disposition", "attachment; filename=\"smime.p7c\""); - sig.addHeader("Content-Description", "S/MIME Certificate Management Message"); - sig.addHeader("Content-Transfer-Encoding", encoding); - - return sig; - } - catch (MessagingException e) - { - throw new SMIMEException("exception putting body part together.", e); - } - } - - /** - * Creates a certificate management message which is like a signed message with no content - * or signers but that still carries certificates and CRLs. - * - * @return a MimeBodyPart containing the certs and CRLs. - */ - public MimeBodyPart generateCertificateManagement() - throws SMIMEException - { - try - { - MimeBodyPart sig = new MimeBodyPart(); - - sig.setContent(new ContentSigner(null, true), CERTIFICATE_MANAGEMENT_CONTENT); - sig.addHeader("Content-Type", CERTIFICATE_MANAGEMENT_CONTENT); - sig.addHeader("Content-Disposition", "attachment; filename=\"smime.p7c\""); - sig.addHeader("Content-Description", "S/MIME Certificate Management Message"); - sig.addHeader("Content-Transfer-Encoding", encoding); - - return sig; - } - catch (MessagingException e) - { - throw new SMIMEException("exception putting body part together.", e); - } - } - - private class Signer - { - final PrivateKey key; - final X509Certificate cert; - final ASN1ObjectIdentifier encryptionOID; - final ASN1ObjectIdentifier digestOID; - final AttributeTable signedAttr; - final AttributeTable unsignedAttr; - - Signer( - PrivateKey key, - X509Certificate cert, - ASN1ObjectIdentifier digestOID, - AttributeTable signedAttr, - AttributeTable unsignedAttr) - { - this(key, cert, null, digestOID, signedAttr, unsignedAttr); - } - - Signer( - PrivateKey key, - X509Certificate cert, - ASN1ObjectIdentifier encryptionOID, - ASN1ObjectIdentifier digestOID, - AttributeTable signedAttr, - AttributeTable unsignedAttr) - { - this.key = key; - this.cert = cert; - this.encryptionOID = encryptionOID; - this.digestOID = digestOID; - this.signedAttr = signedAttr; - this.unsignedAttr = unsignedAttr; - } - - public X509Certificate getCert() - { - return cert; - } - - public ASN1ObjectIdentifier getEncryptionOID() - { - return encryptionOID; - } - - public ASN1ObjectIdentifier getDigestOID() - { - return digestOID; - } - - public PrivateKey getKey() - { - return key; - } - - public AttributeTable getSignedAttr() - { - return signedAttr; - } - - public AttributeTable getUnsignedAttr() - { - return unsignedAttr; - } - } - - private class ContentSigner - implements SMIMEStreamingProcessor - { - private final MimeBodyPart content; - private final boolean encapsulate; - private final Provider provider; - private final boolean noProvider; - - ContentSigner( - MimeBodyPart content, - boolean encapsulate, - Provider provider) - { - this.content = content; - this.encapsulate = encapsulate; - this.provider = provider; - this.noProvider = false; - } - - ContentSigner( - MimeBodyPart content, - boolean encapsulate) - { - this.content = content; - this.encapsulate = encapsulate; - this.provider = null; - this.noProvider = true; - } - - protected CMSSignedDataStreamGenerator getGenerator() - throws CMSException, CertStoreException, InvalidKeyException, NoSuchAlgorithmException, NoSuchProviderException - { - CMSSignedDataStreamGenerator gen = new CMSSignedDataStreamGenerator(); - - for (Iterator it = _certStores.iterator(); it.hasNext();) - { - gen.addCertificatesAndCRLs((CertStore)it.next()); - } - - for (Iterator it = certStores.iterator(); it.hasNext();) - { - gen.addCertificates((Store)it.next()); - } - - for (Iterator it = crlStores.iterator(); it.hasNext();) - { - gen.addCRLs((Store)it.next()); - } - - for (Iterator it = attrCertStores.iterator(); it.hasNext();) - { - gen.addAttributeCertificates((Store)it.next()); - } - - for (Iterator it = _attributeCerts.iterator(); it.hasNext();) - { - gen.addAttributeCertificates((X509Store)it.next()); - } - - for (Iterator it = _signers.iterator(); it.hasNext();) - { - Signer signer = (Signer)it.next(); - - if (signer.getEncryptionOID() != null) - { - gen.addSigner(signer.getKey(), signer.getCert(), signer.getEncryptionOID().getId(), signer.getDigestOID().getId(), signer.getSignedAttr(), signer.getUnsignedAttr(), provider); - } - else - { - gen.addSigner(signer.getKey(), signer.getCert(), signer.getDigestOID().getId(), signer.getSignedAttr(), signer.getUnsignedAttr(), provider); - } - } - - for (Iterator it = signerInfoGens.iterator(); it.hasNext();) - { - gen.addSignerInfoGenerator((SignerInfoGenerator)it.next()); - } - - gen.addSigners(new SignerInformationStore(_oldSigners)); - - return gen; - } - - private void writeBodyPart( - OutputStream out, - MimeBodyPart bodyPart) - throws IOException, MessagingException - { - if (bodyPart.getContent() instanceof Multipart) - { - Multipart mp = (Multipart)bodyPart.getContent(); - ContentType contentType = new ContentType(mp.getContentType()); - String boundary = "--" + contentType.getParameter("boundary"); - - SMIMEUtil.LineOutputStream lOut = new SMIMEUtil.LineOutputStream(out); - - Enumeration headers = bodyPart.getAllHeaderLines(); - while (headers.hasMoreElements()) - { - lOut.writeln((String)headers.nextElement()); - } - - lOut.writeln(); // CRLF separator - - SMIMEUtil.outputPreamble(lOut, bodyPart, boundary); - - for (int i = 0; i < mp.getCount(); i++) - { - lOut.writeln(boundary); - writeBodyPart(out, (MimeBodyPart)mp.getBodyPart(i)); - lOut.writeln(); // CRLF terminator - } - - lOut.writeln(boundary + "--"); - } - else - { - if (SMIMEUtil.isCanonicalisationRequired(bodyPart, defaultContentTransferEncoding)) - { - out = new CRLFOutputStream(out); - } - - bodyPart.writeTo(out); - } - } - - public void write(OutputStream out) - throws IOException - { - try - { - CMSSignedDataStreamGenerator gen = getGenerator(); - - OutputStream signingStream = gen.open(out, encapsulate); - - if (content != null) - { - if (!encapsulate) - { - writeBodyPart(signingStream, content); - } - else - { - content.getDataHandler().setCommandMap(addCommands(CommandMap.getDefaultCommandMap())); - - content.writeTo(signingStream); - } - } - - signingStream.close(); - - _digests = gen.getGeneratedDigests(); - } - catch (MessagingException e) - { - throw new IOException(e.toString()); - } - catch (NoSuchAlgorithmException e) - { - throw new IOException(e.toString()); - } - catch (NoSuchProviderException e) - { - throw new IOException(e.toString()); - } - catch (CMSException e) - { - throw new IOException(e.toString()); - } - catch (InvalidKeyException e) - { - throw new IOException(e.toString()); - } - catch (CertStoreException e) - { - throw new IOException(e.toString()); - } - } - } -} |